Human Behavior, Insider Threat, and Awareness: An Empirical Study of Insider Threat BehaviorFebruary 2010
The problems that insiders can pose to an organization have become of greater concern and a focus of research. We were interested in better understanding the information-use behavior of malicious insiders, whom we defined as those insiders who leverage their assigned privileges to gather sensitive or proprietary information. Keep mind that an insider may be an employee, contractor, vendor, partner, or even a visitor who is provided internal access privileges. Since getting data has been difficult, we sought to design an experimental framework showing researchers how to generate and analyze their own data. To accomplish our research objectives, we designed and executed an experiment using our organization's employees. These participants used a monitored laptop to complete a scenario that varied their intent for searching the organization's Intranet and the Internet. We then analyzed their behaviors to determine if users with malicious intent showed patterns of behavior that differed from the possible behavioral patterns of users with benign intent. The experimental methods, study design, data analysis, and lessons learned are summarized.